<?php

include ("conexion.php");

$username=$_POST['username'];
$password=$_POST['password'];
$username = stripslashes($username);
$password = stripslashes($password);
$username = mysql_real_escape_string($username);
$password = mysql_real_escape_string($password);


$sql="SELECT * FROM usuarios WHERE usuario='" . $username . "' and contrasena='" . md5($password) . "'";
$result = mysql_query($sql) or die($sql1."<br/><br/>".mysql_error());;

// Mysql_num_row is counting table row
$count=mysql_num_rows($result);

// If result matched $myusername and $mypassword, table row must be 1 row

if($count==1){
session_start();
// Register $myusername, $mypassword and redirect to file "login_success.php"
$_SESSION['username']=$username;
header("location:index.php");
}
else {
header("location:login.php");
}
?>